kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,119 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

7119 Commits

Author SHA1 Message Date
Monis Khan 1154db23b1 jwt: strictly support compact serialization only 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: e89dddd4af67d34e441ec1733bdb22ce725d621c
 2024-02-27 12:40:59 -05:00
Lukasz Szaszkiewicz e53bac21d8 storage/watch_cache: rework getAllEventsSinceLocked 
Kubernetes-commit: ecaf2093f51fed5f544520b0ac00fb33a474b7f5
 2024-02-26 12:22:05 +01:00
Sean Sullivan b5f79f8dae streamtranslator counter metric by status code 
Kubernetes-commit: 03812ddb169725b0652744c2ecaa151f5c03887b
 2024-02-24 03:55:17 +00:00
Kubernetes Publisher f08c74c02d Merge pull request #123427 from alexzielenski/apiserver/policy/matching-refactor 
ValidatingAdmissionPolicy: Factor out matching and params logic for reuse with MutatingAdmissionPolicy

Kubernetes-commit: 446afd90b2e56e3f67372f413c1be62b4fc76b6d
 2024-02-22 20:38:53 +00:00
Cici Huang c8d2257e3a [KEP-3962]Add feature gate for MAP (#123425) 
* Add feature gate for MAP

* sort feature gates.

---------

Co-authored-by: Jiahui Feng <jhf@google.com>

Kubernetes-commit: 9bc5257c450f7dfda187bfadd96f32310a2eaa18
 2024-02-21 17:00:13 -08:00
Kubernetes Publisher fe1489716d Merge pull request #123348 from hoskeri/update-go-x-crypto-19 
Update x/crypto to 0.19.

Kubernetes-commit: 9a9028983806af26e7b48223f3a92922e94725df
 2024-02-21 20:38:58 +00:00
Kubernetes Publisher 290f0e4aff Merge pull request #123392 from thockin/depreciate 
Cleanup: s/depreciated/deprecated/g

Kubernetes-commit: 11785bb815d58eb553be3a1fa305464c35d860cc
 2024-02-21 12:41:17 +00:00
Kubernetes Publisher d23525a070 Merge pull request #123342 from logicalhan/storage-metric 
bump the stability level of apiserver_storage_size_bytes to STABLE

Kubernetes-commit: e613eb33885171a0584aa58cfad9e7c157d23326
 2024-02-21 12:41:14 +00:00
Lukasz Szaszkiewicz 19bd56380e storage/cacher: add TestGetWatchCacheResourceVersion, TestGetBookmarkAfterResourceVersionLockedFunc 
Kubernetes-commit: d629d3fa355ec90f618663b0933d28d335489c54
 2024-02-21 10:06:42 +01:00
Tim Hockin d38e8187d9 Cleanup: s/depreciated/deprecated/g 
Kubernetes-commit: 9f4b82bf3b079fe868effbd2498b61464db6d459
 2024-02-18 14:50:55 -08:00
Kubernetes Publisher 4bf12f9a46 Merge pull request #123330 from alexzielenski/flake-workaround 
flake: avoid flake by ensuring params appear in the initial list

Kubernetes-commit: 8a0147c8825ddd6afa56fd3e647e2d659683483c
 2024-02-18 04:43:13 +00:00
Kubernetes Publisher c3868a06e6 Merge pull request #123333 from liggitt/authz-metrics 
Add allowed/denied metrics for authorizers

Kubernetes-commit: 6ff6b519042b40ad9d7710ac132eb4e6231940e1
 2024-02-18 04:43:11 +00:00
Abhijit Hoskeri 759c2142c7 Update x/crypto to 0.19. 
Main reason is to pick up updated CA roots.

Full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.19.0

Kubernetes-commit: d3a0e296defbb0b55e591e273004e79e7ebfb1fd
 2024-02-16 20:18:14 +00:00
Han Kang f615696539 bump the stability level of apiserver_storage_size_bytes to STABLE 
Kubernetes-commit: f38852768e312fe7b9775b92f7228371a0a96f90
 2024-02-16 09:13:46 -08:00
Kubernetes Publisher f68fe095ce Merge pull request #120902 from linxiulei/watch_stack 
Add handler to run execution in separate goroutine

Kubernetes-commit: 6c046796175de51e33290804a7665db5fa752a80
 2024-02-16 12:34:38 +00:00
Jordan Liggitt fe847b31f4 Add allowed/denied metrics for authorizers 
Kubernetes-commit: d5d3eddb95b657f03677c21498f185d70d87cdda
 2024-02-16 02:26:18 -05:00
Kubernetes Publisher 7eb4cd7173 Merge pull request #121946 from liggitt/reload-authz 
KEP-3221: Implement authorization configuration file reloading

Kubernetes-commit: 66d038d84d3d7da0394aca2720823fedadec0dee
 2024-02-16 04:34:39 +00:00
Alexander Zielenski dd139db676 refactor: use shared CollectParams from VAP 
Kubernetes-commit: 4760e0cc44fb0ee2a92d12ee2b17f094e7ea94ec
 2024-02-15 17:00:45 -08:00
Alexander Zielenski 9a4b2b3543 refactor: use match from generic pkg in vap 
It is same exact code, but uses accessors now

Kubernetes-commit: 64cd09f7208e7a45d87ab6436c833c984fa6e594
 2024-02-20 09:22:18 -08:00
Alexander Zielenski ed64edd4e0 add generic policy dispatcher 
similar to the generic policy source, applies common match logic

for code sharing with validating/mutating

Kubernetes-commit: 96c418a7b73f2f85be530ad9b987d70eeeab14b0
 2024-02-21 13:09:49 -08:00
Alexander Zielenski 48e4f369ee test: infer gvk of objects 
avoids relying on the GVK to be written to the object

Kubernetes-commit: 11ed3032c091bab4c56d471c8d0049ccb9c20efb
 2024-02-16 10:43:05 -08:00
Alexander Zielenski eed515aa23 refactor: handle paramKind directly 
remove hacks that might conceal errors

Kubernetes-commit: acf1d850c6153aae10f26ef3d3e21fa8a63b20e0
 2024-02-20 09:22:35 -08:00
Alexander Zielenski 223ffcc3b0 add functions to policy accessors for getting match information and params 
Kubernetes-commit: 6d5133f3ecd4ddb38a29dac69641fb56576491a2
 2024-02-15 16:33:41 -08:00
Alexander Zielenski 8e917a7cef flake: avoid flake by ensuring params appear in the initial list 
sometimes they would not appear in the initial list if they were added while the informer was starting up due to ObjectTracker race

Kubernetes-commit: def05a20e22f069a60f4190755e8c7244d18781c
 2024-02-15 13:58:29 -08:00
Kubernetes Publisher 2c41261361 Merge pull request #123306 from alexzielenski/apiserver/policy/move-owners 
move OWNERS from validating to all new parent policy folder

Kubernetes-commit: 8a57e3cc2b57ff6889643a0900324996c52eaac0
 2024-02-15 20:34:51 +00:00
Kubernetes Publisher 53b26606c5 Merge pull request #123305 from aramase/aramase/f/kep_3331_audience_match_policy_follow_up 
Add integration test for multiple audience in structured authn

Kubernetes-commit: 50bf3a2060ea798600af1a4c125e0b62d08e9680
 2024-02-15 16:34:53 +00:00
Kubernetes Publisher 8242123b04 Merge pull request #122887 from jpbetz/retry-generate-name-create 
Implement KEP-4420: Retry Generate Name

Kubernetes-commit: 58c77d7b63d0a027b37e2189f9de2728e5674169
 2024-02-15 05:33:54 +00:00
Kubernetes Publisher aa40040fbc Merge pull request #123282 from enj/enj/i/authn_config_algs 
Support all key algs with structured authn config

Kubernetes-commit: 72c3c7c924ec88bfb852fd75740ed7b0ab915c38
 2024-02-15 05:33:52 +00:00
Kubernetes Publisher 6d4e589c29 Merge pull request #123165 from aramase/aramase/f/kep_3331_audience_match_policy 
Add `AudienceMatchPolicy` and support multiple audiences in AuthenticationConfiguration

Kubernetes-commit: ba450636a455eedb78a18d21db8919e9afdd4e77
 2024-02-15 01:39:13 +00:00
Kubernetes Publisher f980dbe8f0 Merge pull request #123250 from benluddy/dep-bump-cbor-v2.6.0 
Bump github.com/fxamacker/cbor/v2 to v2.6.0.

Kubernetes-commit: e305e773bbfe8c5bdf9c57881a875e168b004b8c
 2024-02-15 01:39:12 +00:00
Kubernetes Publisher ffe03d21f3 Merge pull request #122919 from alexzielenski/apiserver/policy/mutating-initial 
Refactor AdmissionPolicy for code sharing with mutating

Kubernetes-commit: 684a9975fe0e1dac4ffe00c9826590f231bdd030
 2024-02-15 01:39:10 +00:00
Anish Ramasekar 1bc99127a6 Add integration test for multiple audience in structured authn 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 0feb1d5173c94e28da79963fb296296b005dd6a1
 2024-02-14 17:04:21 -08:00
Alexander Zielenski 7e9e7fe668 move OWNERS from validating to all new parent policy folder 
meant to do this in refactor PR

Kubernetes-commit: bd27c99262e73955af6af19a1d6d72fce6739522
 2024-02-14 16:32:08 -08:00
Monis Khan d887d80e81 Support all key algs with structured authn config 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b5e0068325da7aa5ca42a7d5ea6b0f012a519765
 2024-02-13 13:45:53 -05:00
Kubernetes Publisher 503dabd7e9 Merge pull request #123179 from aramase/aramase/f/encryption_config_reload_metric 
Add `apiserver_encryption_config_controller_automatic_reloads_total` metric and deprecate success/failure counter

Kubernetes-commit: 7abb063b42c7770628ee2b69e25370cf6334882a
 2024-02-13 17:30:58 +00:00
Ben Luddy 137045a592 Bump github.com/fxamacker/cbor/v2 to v2.6.0. 
Kubernetes-commit: aac43dc96f2b679f0ab030fd3512c7e03b0f2df4
 2024-02-12 15:46:17 -05:00
Anish Ramasekar f6b16dddb3 Add `apiserver_encryption_config_controller_automatic_reloads_total` 
metric

- Adds `apiserver_encryption_config_controller_automatic_reloads_total`
  metric with status label for encryption config reload success/failure.
- Deprecated `apiserver_encryption_config_controller_automatic_reload_failures_total` and `apiserver_encryption_config_controller_automatic_reload_success_total`

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 77241d31253baf051302fff7480c9601ad817399
 2024-02-07 19:44:41 +00:00
Kubernetes Publisher 9d6ad00bf4 Merge pull request #121486 from benluddy/cbor-stub 
KEP-4222: Add stub CBOR serializer.

Kubernetes-commit: 48228bf9dbac308f43abd59a53fdc069fbddee0f
 2024-02-10 01:48:31 +00:00
Kubernetes Publisher 76d76deeaf Merge pull request #123083 from jiahuif-forks/feature/validating-admission-policy/typechecking-variables 
ValidatingAdmissionPolicy: support variables

Kubernetes-commit: 002b0f00033e3fd4650dd4da3717b9187b8621e1
 2024-02-09 01:38:56 +00:00
Jiahui Feng 6f620d4d18 add test case for error inside variables. 
Kubernetes-commit: 3e777540fda8dda01bb72702b1e39675f21d2955
 2024-02-08 13:39:25 -08:00
José Carlos Chávez f099bff723 chore: adds consistent vanity import to files and provides tooling for verifying and updating them. (#120642) 
* chore: drops update vanity imports from script.

* chore: changes copyright year to 2024.

* chore: makes lint happy.

Kubernetes-commit: 6d6398ef9266abce3518a4c9a3d4e4d8feeffdc1
 2024-02-08 14:10:27 +00:00
Kubernetes Publisher 970932bc20 Merge pull request #123001 from tkashem/apf-allow-zero-concurrency 
Allow zero value for the 'nominalConcurrencyShares' field

Kubernetes-commit: 862ff187baad9373d59d19e5d736dcda1e25e90d
 2024-02-06 17:33:50 +00:00
Kubernetes Publisher 5bcf390db2 Merge pull request #122925 from tkashem/timeout-refactor-handle-error 
apiserver: refactor handleError in endpoints/filters

Kubernetes-commit: 35b1bc45ef380f8a95ccd6d24b0485d22ac41b68
 2024-02-06 13:30:57 +00:00
Kubernetes Publisher 8340bec347 Merge pull request #123098 from munnerz/4193-jti-audit-changes 
use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint

Kubernetes-commit: 8c6e940a970e3a910b02442c001735619a8c7ba4
 2024-02-05 17:30:48 +00:00
Kubernetes Publisher 7b91578b43 Merge pull request #122557 from liangyuanpeng/anp_0.29 
Bump konnectivity-client to v0.29.0

Kubernetes-commit: 6972fd7d0be4f85b98737aaf8c2e105b42c0de6e
 2024-02-05 17:30:47 +00:00
buddie.wei 586f61dd0f Fix the syntax error in the comment of the checkQuotas method. (#121428) 
* Update controller.go

Fix comment error.
From "It there was no quota change mark the waiter as succeeded." to "If there was no quota change mark the waiter as succeeded."

* Adjust the comments to maintain consistent tense throughout.

Adjust the comments to maintain consistent tense throughout.

Kubernetes-commit: 5855f5178f42dbc114b6c5ac1964a5dd62bb0957
 2024-02-06 00:45:00 +08:00
James Munnelly c60b23f298 use authentication.kubernetes.io/issued-credential-id audit annotation in serviceaccount token registry endpoint 
Kubernetes-commit: 7f12735fffdc490eae59e98d0f03638067b028de
 2024-02-02 16:57:16 +00:00
Kubernetes Publisher 9dc08c72a8 Merge pull request #115282 from tkashem/panic-warning 
apiserver: warning.AddWarning should not panic when request times out

Kubernetes-commit: ac6d67d27c63822298a9c725daec47f70dde94dc
 2024-02-02 01:30:00 +00:00
Jiahui Feng ab64beb117 add support of variables for Type Checking. 
Kubernetes-commit: dc832c6e59e98f8b842efe42d3f18a67e781779d
 2024-02-01 15:28:21 -08:00
Jiahui Feng 1501159ecb refactor type checking to use CompositedCompiler. 
Kubernetes-commit: 21ba0d59d3a29b5668d4ba712d5b130d458121c6
 2024-02-01 13:20:21 -08:00